Problem with PHP 5.2.7

PHP 5.2.7, which was released last Thursday (4 December), has a bug that prevents “magic quotes” from working. If you rely on magic quotes, do not install PHP 5.2.7. Either revert to PHP 5.2.6 or wait until a fix is released. The bug has been fixed in PHP 5.2.8. the “snapshot” version of PHP, which can be obtained at

If you turn magic quotes off in PHP—which you should—you won’t be affected by this bug. It serves as a reminder that magic quotes are due to be removed in PHP 6. Magic quotes were originally introduced to make life “easier” for inexperienced developers by automatically inserting a backslash in front of single and double quotes in user input to prevent problems with database insertion. However, they have proved more trouble than they’re worth. Instead of magic quotes, you should use dedicated functions, such as mysql_real_escape_string(), or prepared statements with MySQLi or PDO to handle quotes and other special characters and protect your database from SQL injection attacks.

This entry was posted in MySQL, PHP. Bookmark the permalink.

9 Responses to Problem with PHP 5.2.7

  1. Is there any reason why anyone would turn the stupid thing on to begin with?

  2. David Powers says:

    Yes, I can think of a very good reason to turn on magic quotes. Most, if not all, hosting companies turn on magic quotes. If developing sites for deployment on a shared host, it’s essential to use the same settings to make sure your code works as expected.

    Moreover, if you base php.ini on php.ini-dist, magic quotes are automatically turned on. My recommendation is to turn them off, but it’s not always practical to do so.

  3. Raphael says:

    What about v 5.2.8?

  4. David Powers says:

    Version 5.2.8 fixes the bug in 5.2.7.

  5. Raphael says:

    Re PHP Solutions
    I started working through this book but I noticed that on the test phpinfo.index page the mysql and mysqli extensions are missing. Sine I have not installed mysql as yet is this normal?

    I tried posting on the forum but not getting any help there.

  6. David Powers says:

    Raphael, no, it’s not normal. It depends how you installed PHP. The book’s updates and amendments page has updated instructions for installing PHP. Since I don’t know which method you have used, it’s difficult to give any advice, but the likely causes are not including the PHP folder in your Windows path, forgetting to uncomment the relevant DLL files in php.ini, or not selecting the MySQL extensions when using the Windows installer.

  7. I am trying to install PHP 5.2.8 and keep getting it wrong, although I am following your instructions to the letter in your Essential guide to DW CS3. This part of the instructions never happens:

    “The wizard is now ready to install PHP. If you selected Apache, it asks whether you want it to configure Apache. Click Yes. After the installation, you should see two alert boxes telling you that the Apache configuration and mime.types files were successfully updated.”

    Apache 2.2.11 installed with no issues but after I install PHP the Apache service won’t run and gives an error saying it can’t find the proper module for PHP.

    Help please!

  8. ardmad says:

    Hi david. I would like to ask you a question but seems there is no way other than this. I have purchased 2 of your book (PHP 5 for Flash and Dreamweaver CS3 with CSS, Ajax and PHP. As a proof=on page 190 php 5 for flash you talk about few Orcs and Balrog and in Dreamweaver there is about quote saying if you couldn’t find anything in London).

    My question is: can you tell me what PHP code can I use to protect my website from being copied? Here are the link to one of the website that nobody can.

    Sincerely, I will be really grateful if you could lead me to such code because recently, people had been copying my website. Thanks.

  9. David Powers says:

    Who says nobody can copy that website? It took me less than five seconds to reveal the source code. In Firefox, select View > Page Source. Don’t be fooled by the “protected” status and the comment that says “Source code not available”. Just scroll down a very long way, and all the source code is revealed.

    Hiding source code is an urban myth. For a page to be displayed in a browser, the browser needs to access the HTML output and images. There are techniques make it a little more difficult to see the code, but they’re essentially useless.